Even copy / paste can install a virus

Share with:

FacebookTwitterGoogleVkontakteTumblrStumbleUponLinkedInRedditPinterestPocketDigg

A harmless operation like copying text from an Internet site can open the door to a cyber attack. That’s how.

The greatest danger comes when a subverts attack one of our indisputable certainties. When we copy an element with the classic Ctrl + C, for example, we do not say even the problem of what we actually copied to the clipboard. And why should we?

According to Dylan Ayrery , we should be very carefully. Especially when the element that we have copied will be pasted into a Prompt window in Power Shell or in a terminal window.

Hijacked

Ayery, in a post on GitHub, explains in detail the question, actually known for some time but underestimated a bit ‘all. The tool that can transform the sequence of commands Ctrl + C / Ctrl + V in a potential disaster is a simple Javascript or even the use of CSS in an HTML page.

The crux of the matter is that the copied content changes when you paste it. And if this happens in a terminal window, it means that a command is executed instantly, performing any kind of action on your computer.

windows-terminal

The typical scenario in which an attacker can use such a technique is that of a Web page that shows, for example, a guide with rather long and complex instructions. In front of commands followed by a variety of options (usually cryptic), who would not use the copy-paste?

Keep in mind that, among other things, the “malicious” javascript could also be injected by criminals on sites that we believe are reliable or that we have used in the past with no problems.

To protect against such an attack there is only one reliable method: paste the copied text to Notepad before using it, making sure it matches the original.

 

Share with:

FacebookTwitterGoogleVkontakteTumblrStumbleUponLinkedInRedditPinterestPocketDigg

Leave a Reply

Your email address will not be published. Required fields are marked *